TINC and OpenVPN tunnel performance on a Windows client

Teemu Kiviniemi teemuki at iki.fi
Thu Nov 6 14:39:03 CET 2003 

Hi,

I had some performance problems with TINC running on Windows XP. I had a
VPN tunnel running over a wireless network to a Linux VPN server. Web
browsing through the tunnel was a pain. Big web pages with lots of
pictures loaded very slow compared to a plain network connection. 

When the VPN client was running on a Linux computer, and a Windows
computer was browsing the web through the VPN tunnel, everything worked
just fine. The performance of web browsing through the tunnel was about
the same as with a plain unencrypted network connection.

I recently tested the setup with OpenVPN on Windows too, but the
performance of web browsing didn't get better.

The speed of a single file transfer through the tunnel was quite good.
Browsing a complex web page creates a lot of simultaneous transfers from
the web server to the browser. I thought that the problem must have
something to do with simultaneous transfers.

I did some tests of OpenVPN and TINC performance on a Windows client.
Specifically, I was looking at the performance of multiple simultaneous
transfers and PING latency/packet loss during the transfer.

****

Test method:
- three simultaneous FTP downloads are started on the Windows computer
(file size 7612995 bytes)
- at the same time, the Linux computer pings the Windows computer to see
the latency and packet loss of the tunnel during the transfer.
- record the transfer times, packet loss and latency
- repeat three times, calculate the average

****

Test setup:

Network: 10Mbps switched Ethernet, only test computers connected

VPN client:
- Windows Server 2003
- TINC 1.0.1 (Windows installer version)
- OpenVPN 1.5 beta12 (Windows installer version)
- Windows command line FTP client

VPN server:
- Debian Woody
- 2.4.20 kernel
- TINC 1.0pre8
- OpenVPN 1.5 beta12
- OpenBSD FTP server

VPN client settings:

- Generic OpenVPN settings:
cipher bf-cbc
dev tap
tun-mtu 1500
tun-mtu-extra 32
- OpenVPN-TCP settings:
proto tcp-client
- OpenVPN-UDP settings:
proto udp
- OpenVPN-UDP-LZO settings:
proto udp
comp-lzo

- Generic TINC settings:
Mode = switch
PriorityInheritance = no
Cipher = blowfish
Compression = 0
MACLength = 4
- TINC-TCP settings:
TCPonly = yes
- TINC-UDP settings:
TCPonly = no

****

Test results:

PING: packet loss:
- plain network:	0%
- OpenVPN-TCP:		0%
- OpenVPN-UDP:		27,3%
- OpenVPN-UDP-LZO:	25%
- TINC-TCP:		19,3%
- TINC-UDP:		52%

OpenVPN-TCP works as well as the plain network connection during the
transfers. The other tunnels drop too much packets to be usable.

PING: latency, min/avg/max (ms):
- plain network:	1,2/9,1/50,7
- OpenVPN-TCP:		4,5/121,1/352,6
- OpenVPN-UDP:		3,7/25,7/88,9
- OpenVPN-UDP-LZO:	3,5/25,4/79,0
- TINC-TCP:		7,3/34,4/88,9
- TINC-UDP:		4,1/14,5/75,9

The maximum latency of TINC-TCP doesn't get as big as the latency of
OpenVPN-TCP, but that might have something to do with the large packet
loss TINC-TCP is having.

FTP: transfer times FTP1/FTP2/FTP3/total (s):
- plain network:	24,0/24,6/24,9/73,5
- OpenVPN-TCP:		52,2/52,3/52,3/156,9
- OpenVPN-UDP:		57,5/56,8/68,9/183,1
- OpenVPN-UDP-LZO:	62,8/64,5/70,4/197,7
- TINC-TCP:		160,1/148,1/137,7/445,9
- TINC-UDP:		57,6/85,9/63,9/207,3

OpenVPN-TCP is clearly the fastest tunnel. TINC-TCP is way too slow, and
UDP tunnels are somewhat slower than OpenVPN-TCP.

FTP: difference of the simultaneous transfer times:
(slowest transfer time/fastest transfer time*100-100)
- plain network:	3,9%
- OpenVPN-TCP:		0,4%
- OpenVPN-UDP:		35,0%
- OpenVPN-UDP-LZO:	37,9%
- TINC-TCP:		17,4%
- TINC-UDP:		75,9%

OpenVPN-TCP wins again. It provides the most consistent transfer times
for the simultaneous transfers.

Subjective analysis:

I had the hash printing of the FTP clients enabled, so I could see the
transfer progress. All the UDP tunnels and TINC-TCP provided very
inconsistent transfer speeds. One FTP client could transfer very fast,
while two were transferring slower, if transferring anything at all. The
transfers over a plain network connection and OpenVPN-TCP ran without
delays, and the speed of all the transfers looked the same.

****

I have had these performance problems only with a Windows client. A
TINC-UDP VPN tunnel between two Linux computers runs perfectly.

Has anyone else had problems like this? Can anyone verify my results
with another setup? I haven't got access to other computers at the
moment. What could cause the problems on Windows?

Thanks,

Teemu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://brouwer.uvt.nl/pipermail/tinc-devel/attachments/20031106/326dcc74/attachment.pgp

More information about the Tinc-devel mailing list